From e205b25d65ccb380fa158711e24d55b6de5d9bc1 Mon Sep 17 00:00:00 2001 From: Pierre Ossman Date: Thu, 16 Feb 2006 19:19:58 +0000 Subject: Reorganised the source tree. We now have src/ with a couple of subdirs: * daemon/ - Contains the files specific to the polypaudio daemon. * modules/ - All loadable modules. * polyp/ - Files that are part of the public, application interface or are only used in libpolyp. * polypcore/ - All other shared files. * tests/ - Test programs. * utils/ - Utility programs. git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@487 fefdeb5f-60dc-0310-8127-8f9354f1896f --- src/daemon/caps.c | 131 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 131 insertions(+) create mode 100644 src/daemon/caps.c (limited to 'src/daemon/caps.c') diff --git a/src/daemon/caps.c b/src/daemon/caps.c new file mode 100644 index 00000000..8d429459 --- /dev/null +++ b/src/daemon/caps.c 
@@ -0,0 +1,131 @@
+/* $Id$ */
+
+/***
+ This file is part of polypaudio.
+
+ polypaudio is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published
+ by the Free Software Foundation; either version 2 of the License,
+ or (at your option) any later version.
+
+ polypaudio is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with polypaudio; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ USA.
+***/
+
+#ifdef HAVE_CONFIG_H
+#include
+#endif
+
+#include
+#include
+#include
+#include
+
+#ifdef HAVE_SYS_CAPABILITY_H
+#include
+#endif
+
+#include
+#include "caps.h"
+
+#ifdef HAVE_GETUID
+
+/* Drop root rights when called SUID root */
+void pa_drop_root(void) {
+ uid_t uid = getuid();
+
+ if (uid == 0 || geteuid() != 0)
+ return;
+
+ pa_log_info(__FILE__": dropping root rights.\n");
+
+#if defined(HAVE_SETRESUID)
+ setresuid(uid, uid, uid);
+#elif defined(HAVE_SETREUID)
+ setreuid(uid, uid);
+#else
+ setuid(uid);
+ seteuid(uid);
+#endif
+}
+
+#else
+
+void pa_drop_root(void) {
+}
+
+#endif
+
+#ifdef HAVE_SYS_CAPABILITY_H
+
+/* Limit capabilities set to CAPSYS_NICE */
+int pa_limit_caps(void) {
+ int r = -1;
+ cap_t caps;
+ cap_value_t nice_cap = CAP_SYS_NICE;
+
+ caps = cap_init();
+ assert(caps);
+
+ cap_clear(caps);
+
+ cap_set_flag(caps, CAP_EFFECTIVE, 1, &nice_cap, CAP_SET);
+ cap_set_flag(caps, CAP_PERMITTED, 1, &nice_cap, CAP_SET);
+
+ if (cap_set_proc(caps) < 0)
+ goto fail;
+
+ pa_log_info(__FILE__": dropped capabilities successfully.\n");
+
+ r = 0;
+
+fail:
+ cap_free (caps);
+
+ return r;
+}
+
+/* Drop all capabilities, effectively becoming a normal user */
+int pa_drop_caps(void) {
+ cap_t caps;
+ int r = -1;
+
+ caps = cap_init();
+ assert(caps);
+
+ cap_clear(caps);
+
+ if (cap_set_proc(caps) < 0) {
+ pa_log(__FILE__": failed to drop capabilities: %s\n", strerror(errno));
+ goto fail;
+ }
+
+ r = 0;
+
+fail:
+ cap_free (caps);
+
+ return r;
+}
+
+#else
+
+/* NOOPs in case capabilities are not available. */
+int pa_limit_caps(void) {
+ return 0;
+}
+
+int pa_drop_caps(void) {
+ pa_drop_root();
+ return 0;
+}
+
+#endif
+
-- cgit
From 5eda18bf608a325c136a450e58fa154eb0b270f4 Mon Sep 17 00:00:00 2001 From: Pierre Ossman Date: Fri, 17 Feb 2006 12:10:58 +0000 Subject: Cleaned up the includes after the restructuring. Indicate which headers are public and which are internal through <> vs "". git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@500 fefdeb5f-60dc-0310-8127-8f9354f1896f --- src/daemon/caps.c | 1 + 1 file changed, 1 insertion(+) (limited to 'src/daemon/caps.c')
diff --git a/src/daemon/caps.c b/src/daemon/caps.c
index 8d429459..e12d33fb 100644
--- a/src/daemon/caps.c
+++ b/src/daemon/caps.c
@@ -33,6 +33,7 @@ #endif #include + #include "caps.h" #ifdef HAVE_GETUID
-- cgit
From 4a64b0d1167e980d81b798d813f35209895f0674 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 23 Feb 2006 02:27:19 +0000 Subject: change pa_log() and friends to not require a trailing \n on all logged strings git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@574 fefdeb5f-60dc-0310-8127-8f9354f1896f --- src/daemon/caps.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/daemon/caps.c')
diff --git a/src/daemon/caps.c b/src/daemon/caps.c
index e12d33fb..5c52b77a 100644
--- a/src/daemon/caps.c
+++ b/src/daemon/caps.c
@@ -45,7 +45,7 @@ void pa_drop_root(void) { if (uid == 0 || geteuid() != 0) return; - pa_log_info(__FILE__": dropping root rights.\n"); + pa_log_info(__FILE__": dropping root rights."); #if defined(HAVE_SETRESUID) setresuid(uid, uid, uid);
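Review bot: pa_drop_root() in the newly added caps.c discards the results of setresuid(), setreuid(), setuid() and seteuid(), so if the call fails the daemon still logs "dropping root rights" and keeps running with effective uid 0. Each result needs to be checked and the process must not continue on failure, e.g. `if (setresuid(uid, uid, uid) < 0) abort();`, followed by a check that getuid() and geteuid() both equal `uid`. In the same file pa_limit_caps() takes its `goto fail` path without logging anything, unlike pa_drop_caps(), and the two cap_set_flag() results in pa_limit_caps() are not checked.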
@@ -83,7 +83,7 @@ int pa_limit_caps(void) { if (cap_set_proc(caps) < 0) goto fail; - pa_log_info(__FILE__": dropped capabilities successfully.\n"); + pa_log_info(__FILE__": dropped capabilities successfully."); r = 0;
@@ -104,7 +104,7 @@ int pa_drop_caps(void) { cap_clear(caps); if (cap_set_proc(caps) < 0) { - pa_log(__FILE__": failed to drop capabilities: %s\n", strerror(errno)); + pa_log(__FILE__": failed to drop capabilities: %s", strerror(errno)); goto fail; }
-- cgit
From f426b58e5c1c584aba8fd37fe7f2e523410b78bc Mon Sep 17 00:00:00 2001 From: Pierre Ossman Date: Tue, 25 Apr 2006 07:13:44 +0000 Subject: glibc <= 2.2 has a broken unistd.h, lacking setresuid(). git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@795 fefdeb5f-60dc-0310-8127-8f9354f1896f --- src/daemon/caps.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'src/daemon/caps.c')
diff --git a/src/daemon/caps.c b/src/daemon/caps.c
index 5c52b77a..8740b7e8 100644
--- a/src/daemon/caps.c
+++ b/src/daemon/caps.c
@@ -36,6 +36,12 @@ #include "caps.h" +/* Glibc <= 2.2 has broken unistd.h */ +#if defined(linux) && (__GLIBC__ <= 2 && __GLIBC_MINOR__ <= 2) +int setresgid(gid_t r, gid_t e, gid_t s); +int setresuid(uid_t r, uid_t e, uid_t s); +#endif + #ifdef HAVE_GETUID /* Drop root rights when called SUID root */
-- cgit
From 4e3dc7ce68561c16254712d713b2ccd472b8afe7 Mon Sep 17 00:00:00 2001 From: Pierre Ossman Date: Mon, 22 May 2006 15:20:46 +0000 Subject: Wrap strerror() in a function that makes it thread safe and converts the output to UTF-8. git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@945 fefdeb5f-60dc-0310-8127-8f9354f1896f --- src/daemon/caps.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src/daemon/caps.c')
diff --git a/src/daemon/caps.c b/src/daemon/caps.c
index 8740b7e8..4942868c 100644
--- a/src/daemon/caps.c
+++ b/src/daemon/caps.c
@@ -32,6 +32,8 @@ #include #endif +#include + #include #include "caps.h"
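Review bot: The guard added in the `@@ -36,6 +36,12 @@` hunk, `#if defined(linux) && (__GLIBC__ <= 2 && __GLIBC_MINOR__ <= 2)`, is also true when `__GLIBC__` is undefined, because an undefined identifier evaluates to 0 in `#if`, so the two prototypes would be declared on a Linux libc that is not glibc. `linux` is also a non-reserved macro that compilers omit in strict ISO modes, where the block silently disappears. I would write `#if defined(__linux__) && defined(__GLIBC__) && (__GLIBC__ < 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ <= 2))`. setresgid() is declared although nothing visible in this file calls it, which deserves a comment or removal.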
@@ -110,7 +112,7 @@ int pa_drop_caps(void) { cap_clear(caps); if (cap_set_proc(caps) < 0) { - pa_log(__FILE__": failed to drop capabilities: %s", strerror(errno)); + pa_log(__FILE__": failed to drop capabilities: %s", pa_cstrerror(errno)); goto fail; }
-- cgit
From 4413b89d7a45587b545a31463ad2196767f45563 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 25 May 2006 17:16:55 +0000 Subject: * split pa_cstrerror() into its own file polypcore/core-error.[ch] * fix building of padsp * remove a warning when compiling padsp.c git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@972 fefdeb5f-60dc-0310-8127-8f9354f1896f --- src/daemon/caps.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/daemon/caps.c')
diff --git a/src/daemon/caps.c b/src/daemon/caps.c
index 4942868c..5e24da82 100644
--- a/src/daemon/caps.c
+++ b/src/daemon/caps.c
@@ -32,7 +32,7 @@ #include #endif -#include +#include #include
-- cgit
From f44ba092651aa75055e109e04b4164ea92ae7fdc Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 19 Jun 2006 21:53:48 +0000 Subject: big s/polyp/pulse/g git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1033 fefdeb5f-60dc-0310-8127-8f9354f1896f --- src/daemon/caps.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'src/daemon/caps.c')
diff --git a/src/daemon/caps.c b/src/daemon/caps.c
index 5e24da82..dc74bc7d 100644
--- a/src/daemon/caps.c
+++ b/src/daemon/caps.c
@@ -1,20 +1,20 @@ /* $Id$ */ /*** - This file is part of polypaudio. + This file is part of PulseAudio. - polypaudio is free software; you can redistribute it and/or modify + PulseAudio is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - polypaudio is distributed in the hope that it will be useful, but + PulseAudio is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU Lesser General Public License - along with polypaudio; if not, write to the Free Software + along with PulseAudio; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. ***/
@@ -32,9 +32,9 @@ #include #endif -#include +#include -#include +#include #include "caps.h"
-- cgit
From 57d8a315ea3c3e4e19e19fe1d293ca941d6229d5 Mon Sep 17 00:00:00 2001 From: Pierre Ossman Date: Thu, 20 Jul 2006 13:19:16 +0000 Subject: Move check for SUID into the caps functions. git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1119 fefdeb5f-60dc-0310-8127-8f9354f1896f --- src/daemon/caps.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'src/daemon/caps.c')
diff --git a/src/daemon/caps.c b/src/daemon/caps.c
index dc74bc7d..957824d9 100644
--- a/src/daemon/caps.c
+++ b/src/daemon/caps.c
@@ -27,6 +27,7 @@ #include #include #include +#include #ifdef HAVE_SYS_CAPABILITY_H #include
@@ -80,6 +81,10 @@ int pa_limit_caps(void) { cap_t caps; cap_value_t nice_cap = CAP_SYS_NICE; + /* Only drop caps when called SUID */ + if (getuid() != 0) + return 0; + caps = cap_init(); assert(caps);
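Review bot: The guard added to pa_limit_caps(), `if (getuid() != 0) return 0;`, contradicts the comment above it: when the binary is started SUID root by an ordinary user the real uid is non-zero, so the function returns before cap_init() and no capability is limited. The same guard is added to pa_drop_caps() in the next hunk of this commit. If the intent is to skip only a genuine root invocation, the test should read `if (getuid() == 0) return 0;`. Because the early return reports 0, callers cannot tell that nothing was dropped; both function bodies continue outside the hunks.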
@@ -106,6 +111,10 @@ int pa_drop_caps(void) { cap_t caps; int r = -1; + /* Only drop caps when called SUID */ + if (getuid() != 0) + return 0; + caps = cap_init(); assert(caps);
-- cgit
From a7cf5e0f2de5474b4a1131a4254a56229436b7f7 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Sat, 29 Jul 2006 15:34:36 +0000 Subject: fix two typos (pierre, have you been sleeping? next time please the comments wrong but the code right, not the other way round! ;-)) git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1170 fefdeb5f-60dc-0310-8127-8f9354f1896f --- src/daemon/caps.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/daemon/caps.c')
diff --git a/src/daemon/caps.c b/src/daemon/caps.c
index 957824d9..8ae43fb2 100644
--- a/src/daemon/caps.c
+++ b/src/daemon/caps.c
@@ -82,7 +82,7 @@ int pa_limit_caps(void) { cap_value_t nice_cap = CAP_SYS_NICE; /* Only drop caps when called SUID */ - if (getuid() != 0) + if (getuid() == 0) return 0; caps = cap_init();
@@ -112,7 +112,7 @@ int pa_drop_caps(void) { int r = -1; /* Only drop caps when called SUID */ - if (getuid() != 0) + if (getuid() == 0) return 0; caps = cap_init();
-- cgit
From e385d93e5aad6a6fce754c00c804ff1d6a6746d4 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 18 Aug 2006 21:38:40 +0000 Subject: remove all occurences of pa_logXXX(__FILE__": and replace them by pa_logXXX(" git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1272 fefdeb5f-60dc-0310-8127-8f9354f1896f --- src/daemon/caps.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/daemon/caps.c')
diff --git a/src/daemon/caps.c b/src/daemon/caps.c
index 8ae43fb2..cebdaebc 100644
--- a/src/daemon/caps.c
+++ b/src/daemon/caps.c
@@ -54,7 +54,7 @@ void pa_drop_root(void) { if (uid == 0 || geteuid() != 0) return; - pa_log_info(__FILE__": dropping root rights."); + pa_log_info("dropping root rights."); #if defined(HAVE_SETRESUID) setresuid(uid, uid, uid);
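Review bot: After the "fix two typos" change the guard in pa_limit_caps() and pa_drop_caps(), `if (getuid() == 0) return 0;`, looks only at the real uid, whereas pa_drop_root() in the same file decides "called SUID" with `uid == 0 || geteuid() != 0`. For a plain non-SUID start by an ordinary user, pa_limit_caps() therefore goes on to request CAP_SYS_NICE in its permitted set, which cap_set_proc() would be expected to refuse, and the function returns -1 without logging. Using the same test in all three places, `if (getuid() == 0 || geteuid() != 0) return 0;`, keeps the comment and the code in agreement. Whether callers outside this diff already filter that case is not visible here.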
@@ -96,7 +96,7 @@ int pa_limit_caps(void) { if (cap_set_proc(caps) < 0) goto fail; - pa_log_info(__FILE__": dropped capabilities successfully."); + pa_log_info("dropped capabilities successfully."); r = 0;
@@ -121,7 +121,7 @@ int pa_drop_caps(void) { cap_clear(caps); if (cap_set_proc(caps) < 0) { - pa_log(__FILE__": failed to drop capabilities: %s", pa_cstrerror(errno)); + pa_log("failed to drop capabilities: %s", pa_cstrerror(errno)); goto fail; }
-- cgit
From 521daf6f0ac4fa6a2fbfb5d523c0c743342dca2b Mon Sep 17 00:00:00 2001 From: Pierre Ossman Date: Thu, 4 Jan 2007 13:43:45 +0000 Subject: Huge trailing whitespace cleanup. Let's keep the tree pure from here on, mmmkay? git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1418 fefdeb5f-60dc-0310-8127-8f9354f1896f --- src/daemon/caps.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'src/daemon/caps.c')
diff --git a/src/daemon/caps.c b/src/daemon/caps.c
index cebdaebc..db4bd919 100644
--- a/src/daemon/caps.c
+++ b/src/daemon/caps.c
@@ -2,17 +2,17 @@ /*** This file is part of PulseAudio. - + PulseAudio is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + PulseAudio is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with PulseAudio; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
@@ -50,7 +50,7 @@ int setresuid(uid_t r, uid_t e, uid_t s); /* Drop root rights when called SUID root */ void pa_drop_root(void) { uid_t uid = getuid(); - + if (uid == 0 || geteuid() != 0) return;
@@ -96,13 +96,13 @@ int pa_limit_caps(void) { if (cap_set_proc(caps) < 0) goto fail; - pa_log_info("dropped capabilities successfully."); - + pa_log_info("dropped capabilities successfully."); + r = 0; fail: cap_free (caps); - + return r; }
@@ -124,12 +124,12 @@ int pa_drop_caps(void) { pa_log("failed to drop capabilities: %s", pa_cstrerror(errno)); goto fail; } - + r = 0; fail: cap_free (caps); - + return r; }
-- cgit
From 06211b7c8fd329137ae9003818543912a87d9898 Mon Sep 17 00:00:00 2001 From: Pierre Ossman Date: Tue, 13 Feb 2007 15:35:19 +0000 Subject: Add copyright notices to all relevant files. (based on svn log) git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1426 fefdeb5f-60dc-0310-8127-8f9354f1896f --- src/daemon/caps.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'src/daemon/caps.c')
diff --git a/src/daemon/caps.c b/src/daemon/caps.c
index db4bd919..2ea51c9f 100644
--- a/src/daemon/caps.c
+++ b/src/daemon/caps.c
@@ -3,6 +3,9 @@ /*** This file is part of PulseAudio. + Copyright 2004-2006 Lennart Poettering + Copyright 2006 Pierre Ossman for Cendio AB + PulseAudio is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2 of the License,
-- cgit
From 4d88fcd59da84ac4f09113855c8f15384a4e05c3 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 25 May 2007 20:35:30 +0000 Subject: when called with the setid bit change euid to uid sooner to make sure that we can access our own files even when we dropped most capabilities. (Closes #21) git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1455 fefdeb5f-60dc-0310-8127-8f9354f1896f --- src/daemon/caps.c | 33 +++++++++++++++------------------ 1 file changed, 15 insertions(+), 18 deletions(-) (limited to 'src/daemon/caps.c')
diff --git a/src/daemon/caps.c b/src/daemon/caps.c
index 2ea51c9f..8043230c 100644
--- a/src/daemon/caps.c
+++ b/src/daemon/caps.c
@@ -35,6 +35,9 @@ #ifdef HAVE_SYS_CAPABILITY_H #include #endif +#ifdef HAVE_SYS_PRCTL_H +#include +#endif #include
@@ -76,35 +79,31 @@ void pa_drop_root(void) { #endif -#ifdef HAVE_SYS_CAPABILITY_H +#if defined(HAVE_SYS_CAPABILITY_H) && defined(HAVE_SYS_PRCTL_H) -/* Limit capabilities set to CAPSYS_NICE */ +/* Limit permitted capabilities set to CAPSYS_NICE */ int pa_limit_caps(void) { int r = -1; cap_t caps; cap_value_t nice_cap = CAP_SYS_NICE; - /* Only drop caps when called SUID */ - if (getuid() == 0) - return 0; - caps = cap_init(); assert(caps); - cap_clear(caps); - - cap_set_flag(caps, CAP_EFFECTIVE, 1, &nice_cap, CAP_SET); cap_set_flag(caps, CAP_PERMITTED, 1, &nice_cap, CAP_SET); if (cap_set_proc(caps) < 0) goto fail; + if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) + goto fail; + pa_log_info("dropped capabilities successfully."); - - r = 0; + + r = 1; fail: - cap_free (caps); + cap_free(caps); return r; }
@@ -114,24 +113,22 @@ int pa_drop_caps(void) { cap_t caps; int r = -1; - /* Only drop caps when called SUID */ - if (getuid() == 0) - return 0; - caps = cap_init(); assert(caps); cap_clear(caps); + prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0); + if (cap_set_proc(caps) < 0) { pa_log("failed to drop capabilities: %s", pa_cstrerror(errno)); goto fail; } - + r = 0; fail: - cap_free (caps); + cap_free(caps); return r; }
-- cgit
From 1e12e0ee8dfdda1632b9c082aba6fc1956813a5b Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 29 May 2007 17:24:48 +0000 Subject: Kill spaces on EOL git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1465 fefdeb5f-60dc-0310-8127-8f9354f1896f --- src/daemon/caps.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src/daemon/caps.c')
diff --git a/src/daemon/caps.c b/src/daemon/caps.c
index 8043230c..f92db743 100644
--- a/src/daemon/caps.c
+++ b/src/daemon/caps.c
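Review bot: In pa_drop_caps() the new `prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0);` discards its result, while pa_limit_caps() in the same commit treats a failing prctl() as an error; if clearing keep-caps fails here the function can still return 0. Check it the same way, `if (prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) < 0) goto fail;`, with a pa_log() of pa_cstrerror(errno) before the jump. Separately, pa_limit_caps() now returns 1 on success while the fallback stub for builds without capability support is not touched by this diff and appears to still return 0, and its two `goto fail` paths log nothing. A comment on the function stating the -1/0/1 contract would help callers.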
@@ -97,9 +97,9 @@ int pa_limit_caps(void) { if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) goto fail; - + pa_log_info("dropped capabilities successfully."); - + r = 1; fail:
@@ -119,12 +119,12 @@ int pa_drop_caps(void) { cap_clear(caps); prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0); - + if (cap_set_proc(caps) < 0) { pa_log("failed to drop capabilities: %s", pa_cstrerror(errno)); goto fail; } - + r = 0; fail:
-- cgit
From a67c21f093202f142438689d3f7cfbdf4ea82eea Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Sun, 28 Oct 2007 19:13:50 +0000 Subject: merge 'lennart' branch back into trunk. git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1971 fefdeb5f-60dc-0310-8127-8f9354f1896f --- src/daemon/caps.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'src/daemon/caps.c')
diff --git a/src/daemon/caps.c b/src/daemon/caps.c
index f92db743..5b4008a5 100644
--- a/src/daemon/caps.c
+++ b/src/daemon/caps.c
@@ -26,11 +26,11 @@ #include #endif -#include #include #include #include #include +#include #ifdef HAVE_SYS_CAPABILITY_H #include
@@ -60,7 +60,7 @@ void pa_drop_root(void) { if (uid == 0 || geteuid() != 0) return; - pa_log_info("dropping root rights."); + pa_log_info("Dropping root priviliges."); #if defined(HAVE_SETRESUID) setresuid(uid, uid, uid);
@@ -88,8 +88,9 @@ int pa_limit_caps(void) { cap_value_t nice_cap = CAP_SYS_NICE; caps = cap_init(); - assert(caps); + pa_assert(caps); cap_clear(caps); + cap_set_flag(caps, CAP_EFFECTIVE, 1, &nice_cap, CAP_SET); cap_set_flag(caps, CAP_PERMITTED, 1, &nice_cap, CAP_SET); if (cap_set_proc(caps) < 0)
@@ -98,7 +99,7 @@ int pa_limit_caps(void) { if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) goto fail; - pa_log_info("dropped capabilities successfully."); + pa_log_info("Dropped capabilities successfully."); r = 1;
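Review bot: `pa_assert(caps)` in the `@@ -88,8 +88,9 @@` hunk of pa_limit_caps(), and again in the pa_drop_caps() hunk of the same commit, is the only handling of a failed cap_init(). Whether pa_assert can be compiled out in some build configuration is not visible in this diff; if it can, a NULL handle would reach cap_clear(), and if it cannot, an allocation failure aborts the daemon from a function that already has a -1 error path. An explicit `if (!caps) return -1;` keeps the behaviour independent of the assertion macro. The results of the two cap_set_flag() calls, one of them added here, are not checked either.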
@@ -114,14 +115,14 @@ int pa_drop_caps(void) { int r = -1; caps = cap_init(); - assert(caps); + pa_assert(caps); cap_clear(caps); prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0); if (cap_set_proc(caps) < 0) { - pa_log("failed to drop capabilities: %s", pa_cstrerror(errno)); + pa_log("Failed to drop capabilities: %s", pa_cstrerror(errno)); goto fail; }
-- cgit
From be4c0f296cecb6cfdcf38ff6151bedfa3206a5bb Mon Sep 17 00:00:00 2001 From: Diego Petteno Date: Thu, 24 Jan 2008 09:35:50 +0000 Subject: Apply the fix for CVE-2008-0008 from 0.9.9 release on trunk. git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@2102 fefdeb5f-60dc-0310-8127-8f9354f1896f --- src/daemon/caps.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'src/daemon/caps.c')
diff --git a/src/daemon/caps.c b/src/daemon/caps.c
index 5b4008a5..44ee355e 100644
--- a/src/daemon/caps.c
+++ b/src/daemon/caps.c
@@ -63,13 +63,16 @@ void pa_drop_root(void) { pa_log_info("Dropping root priviliges."); #if defined(HAVE_SETRESUID) - setresuid(uid, uid, uid); + pa_assert_se(setresuid(uid, uid, uid) >= 0); #elif defined(HAVE_SETREUID) - setreuid(uid, uid); + pa_assert_se(setreuid(uid, uid) >= 0); #else - setuid(uid); - seteuid(uid); + pa_assert_se(setuid(uid) >= 0); + pa_assert_se(seteuid(uid) >= 0); #endif + + pa_assert_se(getuid() == uid); + pa_assert_se(geteuid() == uid); } #else
@@ -147,4 +150,3 @@ int pa_drop_caps(void) { } #endif -
-- cgit
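Review bot: The new post-checks in pa_drop_root() verify the real and effective uid but not the saved set-user-ID, which is what decides whether root can be regained later; in the setreuid() and setuid()/seteuid() branches its handling differs between platforms. Where getresuid() is available, compare all three ids with `uid`, or add a final check that regaining root fails, `pa_assert_se(setuid(0) < 0);`, which is safe because the early return shown in earlier hunks already excludes `uid == 0`. The fix also relies on pa_assert_se() evaluating its argument in every build configuration; its definition is outside this diff, so a one-line comment next to the calls stating that requirement is worth adding. The function's opening lines are outside the hunk.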